mail/dovecot2: update to 2.3.10.1 Update dovecot2 to 2.3.10.1. v2.3.10.1 2020-05-18 Aki Tuomi <aki.tuomi@open-xchange.com> - CVE-2020-10957: lmtp/submission: A client can crash the server by sending a NOOP command with an invalid string parameter. This occurs particularly for a parameter that doesn't start with a double quote. This applies to all SMTP services, including submission-login, which makes it possible to crash the submission service without authentication. - CVE-2020-10958: lmtp/submission: Sending many invalid or unknown commands can cause the server to access freed memory, which can lead to a server crash. This happens when the server closes the connection with a "421 Too many invalid commands" error. The bad command limit depends on the service (lmtp or submission) and varies between 10 to 20 bad commands. - CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an address that has the empty quoted string as local-part causes the lmtp service to crash.diff -r1.39 -r1.40 pkgsrc/mail/dovecot2/Makefile.common
(taca)
@@ -1,29 +1,29 @@ | @@ -1,29 +1,29 @@ | |||
1 | # $NetBSD: Makefile.common,v 1.39 2020/03/15 22:52:04 adam Exp $ | 1 | # $NetBSD: Makefile.common,v 1.40 2020/05/18 14:20:46 taca Exp $ | |
2 | # | 2 | # | |
3 | # when updating to a new release, update ABI depends in | 3 | # when updating to a new release, update ABI depends in | |
4 | # the buildlink3.mk file as well, since the plugins' version | 4 | # the buildlink3.mk file as well, since the plugins' version | |
5 | # must match (see PR 49563). | 5 | # must match (see PR 49563). | |
6 | # | 6 | # | |
7 | # used by mail/dovecot2/Makefile | 7 | # used by mail/dovecot2/Makefile | |
8 | # used by mail/dovecot2-gssapi/Makefile | 8 | # used by mail/dovecot2-gssapi/Makefile | |
9 | # used by mail/dovecot2-ldap/Makefile | 9 | # used by mail/dovecot2-ldap/Makefile | |
10 | # used by mail/dovecot2-mysql/Makefile | 10 | # used by mail/dovecot2-mysql/Makefile | |
11 | # used by mail/dovecot2-pgsql/Makefile | 11 | # used by mail/dovecot2-pgsql/Makefile | |
12 | # used by mail/dovecot2-sqlite/Makefile | 12 | # used by mail/dovecot2-sqlite/Makefile | |
13 | 13 | |||
14 | DISTNAME= dovecot-2.3.10 | 14 | DISTNAME= dovecot-2.3.10.1 | |
15 | CATEGORIES= mail | 15 | CATEGORIES= mail | |
16 | MASTER_SITES= https://dovecot.org/releases/${PKGVERSION_NOREV:R}/ | 16 | MASTER_SITES= https://dovecot.org/releases/${PKGVERSION_NOREV:R:R}/ | |
17 | 17 | |||
18 | MAINTAINER= adam@NetBSD.org | 18 | MAINTAINER= adam@NetBSD.org | |
19 | HOMEPAGE= https://www.dovecot.org/ | 19 | HOMEPAGE= https://www.dovecot.org/ | |
20 | COMMENT= Secure IMAP and POP3 server | 20 | COMMENT= Secure IMAP and POP3 server | |
21 | LICENSE= mit AND gnu-lgpl-v2.1 AND modified-bsd | 21 | LICENSE= mit AND gnu-lgpl-v2.1 AND modified-bsd | |
22 | 22 | |||
23 | DISTINFO_FILE= ${.CURDIR}/../../mail/dovecot2/distinfo | 23 | DISTINFO_FILE= ${.CURDIR}/../../mail/dovecot2/distinfo | |
24 | PATCHDIR= ${.CURDIR}/../../mail/dovecot2/patches | 24 | PATCHDIR= ${.CURDIR}/../../mail/dovecot2/patches | |
25 | 25 | |||
26 | USE_LIBTOOL= yes | 26 | USE_LIBTOOL= yes | |
27 | USE_TOOLS+= gmake pkg-config rpcgen bash:run | 27 | USE_TOOLS+= gmake pkg-config rpcgen bash:run | |
28 | GNU_CONFIGURE= yes | 28 | GNU_CONFIGURE= yes | |
29 | 29 |
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | $NetBSD: distinfo,v 1.103 2020/03/15 22:52:04 adam Exp $ | 1 | $NetBSD: distinfo,v 1.104 2020/05/18 14:20:46 taca Exp $ | |
2 | 2 | |||
3 | SHA1 (dovecot-2.3.10.tar.gz) = cf0d572b640bec519c3c771716d0b32148dc2bd4 | 3 | SHA1 (dovecot-2.3.10.1.tar.gz) = d8afa71f3a7a2c2e406745ff43057ae94ed23871 | |
4 | RMD160 (dovecot-2.3.10.tar.gz) = c4892cc02b7a414a23a03c6adb03acc115c0796b | 4 | RMD160 (dovecot-2.3.10.1.tar.gz) = f68993644d14c4bae321e2525fb6c885724d8ebd | |
5 | SHA512 (dovecot-2.3.10.tar.gz) = 73e10d7d1e616d6599eb53f2d2d1ac0f0f2e6e84019faac5cd525e833da44839a7e483635b61d432e3254a9e5f6f90915bec8940c584210341085241949dffa2 | 5 | SHA512 (dovecot-2.3.10.1.tar.gz) = 5c07436a3e861993f241caa2c60f035c533c5fceb5c8540c1717d31bedd54b82299f7ea11bfee12c72d4d33985d93a7130c4f56877864a7ad21cf7373a29cc06 | |
6 | Size (dovecot-2.3.10.tar.gz) = 7222241 bytes | 6 | Size (dovecot-2.3.10.1.tar.gz) = 7226958 bytes | |
7 | SHA1 (patch-aa) = 3af01aa4a8cea1a3fb840b6243a744de77069611 | 7 | SHA1 (patch-aa) = 3af01aa4a8cea1a3fb840b6243a744de77069611 | |
8 | SHA1 (patch-ab) = 9db15fd853ba47ef4bf04f2adc9ab24f71ee4d1e | 8 | SHA1 (patch-ab) = 9db15fd853ba47ef4bf04f2adc9ab24f71ee4d1e | |
9 | SHA1 (patch-ae) = c795585df9f415ceabb28eec1ff691ee26168d3b | 9 | SHA1 (patch-ae) = c795585df9f415ceabb28eec1ff691ee26168d3b | |
10 | SHA1 (patch-af) = c066e94dd6593d16eec3e66f5f4d26f021918498 | 10 | SHA1 (patch-af) = c066e94dd6593d16eec3e66f5f4d26f021918498 | |
11 | SHA1 (patch-src_imap_imap-client.h) = 1a2bf95ab6af57d88862a1512624bf263f4c2ce7 | 11 | SHA1 (patch-src_imap_imap-client.h) = 1a2bf95ab6af57d88862a1512624bf263f4c2ce7 | |
12 | SHA1 (patch-src_lib-ldap_ldap-private.h) = 2d5ce32330ad4164cc75f8d209ba499d37ed01fc | 12 | SHA1 (patch-src_lib-ldap_ldap-private.h) = 2d5ce32330ad4164cc75f8d209ba499d37ed01fc | |
13 | SHA1 (patch-src_lib_connection.h) = c147511f4ff50e4b5a048c3a363f0af90ee4c6ad | 13 | SHA1 (patch-src_lib_connection.h) = c147511f4ff50e4b5a048c3a363f0af90ee4c6ad | |
14 | SHA1 (patch-src_old-stats_mail-stats.h) = 0d40c618445c089af2646a6864c3e909812282af | 14 | SHA1 (patch-src_old-stats_mail-stats.h) = 0d40c618445c089af2646a6864c3e909812282af |
@@ -1,16 +1,15 @@ | @@ -1,16 +1,15 @@ | |||
1 | # $NetBSD: Makefile,v 1.20 2020/04/12 08:28:56 adam Exp $ | 1 | # $NetBSD: Makefile,v 1.21 2020/05/18 14:20:46 taca Exp $ | |
2 | 2 | |||
3 | PKGREVISION= 1 | |||
4 | .include "../../mail/dovecot2/Makefile.common" | 3 | .include "../../mail/dovecot2/Makefile.common" | |
5 | 4 | |||
6 | PKGNAME= ${DISTNAME:S/dovecot/dovecot-sqlite/} | 5 | PKGNAME= ${DISTNAME:S/dovecot/dovecot-sqlite/} | |
7 | COMMENT+= (SQLite plugin) | 6 | COMMENT+= (SQLite plugin) | |
8 | 7 | |||
9 | CONFIGURE_ARGS+= --with-sql=plugin | 8 | CONFIGURE_ARGS+= --with-sql=plugin | |
10 | CONFIGURE_ARGS+= --with-sqlite | 9 | CONFIGURE_ARGS+= --with-sqlite | |
11 | 10 | |||
12 | INSTALLATION_DIRS+= lib/dovecot/auth lib/dovecot/dict | 11 | INSTALLATION_DIRS+= lib/dovecot/auth lib/dovecot/dict | |
13 | 12 | |||
14 | do-install: | 13 | do-install: | |
15 | cd ${WRKSRC} && ${LIBTOOL} --mode=install ${INSTALL_LIB} \ | 14 | cd ${WRKSRC} && ${LIBTOOL} --mode=install ${INSTALL_LIB} \ | |
16 | src/lib-sql/libdriver_sqlite.la \ | 15 | src/lib-sql/libdriver_sqlite.la \ |